Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.844682
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory for netty (USN-4600-2)
Summary:The remote host is missing an update for the 'netty'; package(s) announced via the USN-4600-2 advisory.
Description:Summary:
The remote host is missing an update for the 'netty'
package(s) announced via the USN-4600-2 advisory.

Vulnerability Insight:
USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides
the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty.

Also it was discovered that Netty allow for unbounded memory allocation. A
remote attacker could send a large stream to the Netty server causing it to
crash (denial of service). (CVE-2020-11612)

Original advisory details:

It was discovered that Netty had HTTP request smuggling vulnerabilities. A
remote attacker could used it to extract sensitive information. (CVE-2019-16869,
CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)

Affected Software/OS:
'netty' package(s) on Ubuntu 18.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-7238
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
https://github.com/jdordonezn/CVE-2020-72381/issues/1
https://netty.io/news/
https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
RedHat Security Advisories: RHSA-2020:0497
https://access.redhat.com/errata/RHSA-2020:0497
RedHat Security Advisories: RHSA-2020:0567
https://access.redhat.com/errata/RHSA-2020:0567
RedHat Security Advisories: RHSA-2020:0601
https://access.redhat.com/errata/RHSA-2020:0601
RedHat Security Advisories: RHSA-2020:0605
https://access.redhat.com/errata/RHSA-2020:0605
RedHat Security Advisories: RHSA-2020:0606
https://access.redhat.com/errata/RHSA-2020:0606
RedHat Security Advisories: RHSA-2020:0804
https://access.redhat.com/errata/RHSA-2020:0804
RedHat Security Advisories: RHSA-2020:0805
https://access.redhat.com/errata/RHSA-2020:0805
RedHat Security Advisories: RHSA-2020:0806
https://access.redhat.com/errata/RHSA-2020:0806
RedHat Security Advisories: RHSA-2020:0811
https://access.redhat.com/errata/RHSA-2020:0811
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.